Researchers discover phishing attacks concealed in Google Cloud services
Phishing attacks are on the rise. The latest is cybercriminals trying to exploit Google Cloud Services to steal users’ sensitive data.
Check Point researchers have discovered a new cybercrime trend wherein hackers are exploiting Google Cloud Platform (GCP) to conduct phishing attacks. Researchers warn that the new attacks are far more difficult for users to identify as phishing.
Researchers explain that hackers are using the popular cloud storage service to disguise their malicious activities. Hackers are also succeeding in going undetected by the red flag labels that usually warn users about suspicious websites or domains.
Demonstrating the new cybercrime trend, researchers said that they have come across a PDF file that was uploaded to Google Drive. The file contained a link to a phishing page which is hosted on storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html.
Hackers then prompt users to enter their Office 365 credentials or organisation email details. Once a user enters the credentials, they are directed to a PDF report published by a globally known firm. Since the hack is hosted on Google’s cloud platform, users are unaware that this is a phishing scam.
“Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify a phishing attack. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend, and learn how to protect themselves. It starts by thinking twice about the files you receive from senders,” Lotem Finkelsteen, Check Point’s Manager of Threat Intelligence said in a post.
To stay protected, users should be more cautious of lookalike domains. You should look out for easy-to-miss spelling errors in the domain and website names. Do not download any file sent by an unknown sender. Users are also advised not to fall for “special offers” emails, especially those promise a cure for coronavirus. Another thing users can do is have to unique passwords for their email accounts.